November 2017

With advances in technology, cyber security is always one of those issues at the forefront for businesses, which are constantly having to review their processes, technologies, networks, systems and data storage. There are an increasing number of ways that cyber criminals can target your business, including malware, ransomware, viruses or spyware, all of which are usually intended to either cause damage or exploit information from individuals and organisations.

Next generation security

Technology will only develop further, as will the ways in which cyber criminals try to break through security, so the UK Government have launched a £20m initiative to work with the experts of tomorrow. The Cyber Discovery Programme is aimed at 14 to 18 year olds with the goal of building interest within the cyber security industry and ultimately avoiding the future potential skills gap.

Hacker clubs

One way the government are trying to encourage the next generation is by using ‘Hacker Clubs’ in which young people can enrol. The best performers will progress to a more comprehensive curriculum that will introduce them to the world of cyber security. This programme will cover things like digital forensics, programming and the ethics of hacking. It is hoped that, by providing a mix of online challenges, real-world technical situations and classroom learning, the young people will not only learn but also gain an interest and want to progress. As part of the project, mentors will also set up additional clubs for those that want to develop their skills further.

Why is cyber security important?

The world we live in is constantly changing and the way we live in it has become much more connected and interactive. Technology is now a significant part of our lives and very much integrated in the way we operate day to day, which can leave us vulnerable when something fails.

Although we now have some of the best cyber security measures in place, attacks seem to be happening more frequently, which is possibly a result of increasing reliance on technology. Thankfully there is significant investment in the cyber security industry, and the government’s new Cyber Discovery Programme is a great step forward to help us tackle this problem in the future. Find out more about the programme here or read the BBC’s article on its launch.

Current data protection guidelines are based on a Data Protection Act (DPA) introduced in 1998. Nearly 20 years on there have been significant advances in technology resulting in changes to the way individuals and organisations communicate and share information.

The new GDPR, which will be introduced on 25th May 2018, addresses these changes, giving a more relevant and consistent legal framework in addition to a better unified approach for EU member states. It will be relevant for any company that has a responsibility for data protection.

It has also been confirmed that the UK’s decision to leave the EU should not have any impact on the implementation of the GDPR, a question that has caused some uncertainty. Organisations should continue with their plans to enable compliance.

Organisations are frequently operating internationally now, so consistency of data protection, laws and rights is crucial for both businesses and individuals. With the rapid and continuing growth of the digital economy it is more important than ever to standardise and put in place sufficient safeguards in relation to data protection.

Who does GDPR apply to?

The GDPR will apply to ‘controllers’ and ‘processors’. These definitions are currently used and will generally remain the same: for example, the controller defines how and why personal data is processed and the processor takes actions on their behalf. If you are currently required to adhere to the DPA then it is likely the GDPR will also apply.

Under the new GDPR, specific legal obligations will start to apply if you are a processor, and you will be required to maintain records of personal data and processing activities. A new requirement of the GDPR will mean greater legal liability for processors in the event of a breach. From a controller’s perspective, the obligation is also increased to ensure that all processor contracts are fully compliant with the GDPR.

The GDPR applies to organisations operating within the EU but also to those outside the EU offering goods or services to those individuals within it.

What information has to comply with GDPR?

The definition of personal data becomes much more detailed under the new regulations and will include, for example, an IP address. This has been introduced to incorporate the advancements in technology and the way in which information about people is now collected. Any organisation currently storing HR records, customer lists or contact details etc. will be affected by GDPR and should ensure compliance.

Encryption

New guidance was recently issued for the use of encryption software, and whilst it doesn’t state an organisation must encrypt data, there is a responsibility to protect and ensure any personal details you hold or gather are secure. Loss or theft of sensitive information is much more likely to occur if no encryption procedure is in place.